WASHINGTON — The U.S. government suspects that individuals with connections to al-Qaida and other hostile groups have repeatedly sought to obtain jobs in the intelligence community, and it reinvestigates thousands of employees a year to reduce the threat that one of its own may be trying to compromise closely held secrets, according to a classified budget document.

The CIA found that among a subset of job seekers whose backgrounds raised questions, roughly one out of every five had “significant terrorist and/or hostile intelligence connections,” according to the document, which was provided to the Washington Post by former National Security Agency contractor Edward Snowden.

The groups cited most often were Hamas, Hezbollah, and al-Qaida and its affiliates, but the nature of the connections was not described in the document.

So sharp is the fear of threats from within that last year the NSA planned to launch at least 4,000 probes of potentially suspicious or abnormal staff activity after scrutinizing trillions of employee keystrokes at work.

The anomalous behavior that sent up red flags could include staffers downloading multiple documents or accessing classified databases they do not normally use for their work, said two people familiar with the software used to monitor employee activity.

This shrouded, multimillion-dollar hunt for insider threats has suffered from critical delays in recent years and uneven implementation across agencies, the budget records show. And the spy agencies' detection systems never noticed that Snowden was copying highly classified documents from different parts of the NSA's networks.

He subsequently fled to Hong Kong and then Moscow, where he remains after being granted temporary asylum.

CIA officials said the number of applicants ultimately tied to terrorist networks or hostile foreign governments was “small” but declined to provide an exact number or the reasons the broader group of applicants initially raised concerns.

“Over the last several years, a small subset of CIA's total job applicants were flagged due to various problems or issues,” one official said in response to questions. “During this period, one in five of that small subset were found to have significant connections to hostile intelligence services and or terrorist groups.”

The intelligence community's dramatic emphasis on insider threats came in the wake of disclosures by WikiLeaks in 2010. The anti-secrecy group received hundreds of thousands of military and diplomatic documents from Army Pfc. Bradley Manning, now known as Chelsea Manning.

Congress made security a top priority and in 2011 ordered Director of National Intelligence James Clapper to set up “an effective automated insider threat detection program” to guard against similar security failures. The program was supposed to flag possible abuses, identify double agents and prevent leaks.

The project was delayed several times because the intelligence community was preoccupied with handling the fallout from Manning's leaks, the budget documents show.

Congress gave Clapper an October 2012 deadline to install the automation system and until October 2013 to have it fully operating. At the Obama administration's request, the deadlines were each pushed back a year.

Steven Aftergood, a government secrecy expert at the Federation of American Scientists, which analyzes national security policy, said he suspects the agency may respond to a lot of “false positives” — alerts for activity that is actually innocent and work-related.

“If the 4,000 cases turn up only two or three actual threats, they need to adjust their detection threshold or they'll be using a lot of resources for no purpose,” he said.

An intelligence official knowledgeable about insider-threat programs said government agencies might need to better calibrate their software and reassess their criteria for what constitutes a realistic or likely threat.